Over half of us say we can’t remember all our passwords. That makes sense, given that almost a third of all companies require their employees to remember six or more of them.

Cloud identity management company Ping Identity says that between those six or more corporate passwords and all the personal passwords we maintain, the average person has to remember 15 passwords. That’s probably a recipe for disaster, given the total information onslaught we face every day, which is why the majority of us — 61 percent — reuse passwords from site to site.

That’s what security companies call “password negligence,” and the results are costly.

Too many passwords and not enough memory contributes to 39 percent of all malicious hacking attacks, which can cost large enterprises$5.5 million each.

One solution, of course, is corporations requiring users to change their passwords every 30 to 60 days. That’s more secure,theoretically, but people often reuse an old password. Or, worse, if they’re worried they won’t be able to remember the new password, they may write it down.

The end result, unfortunately, can be less security than before the change.